• Mimi Zohar's avatar
    selftests/ima: kexec_load syscall test · a802ed0d
    Mimi Zohar authored
    The kernel CONFIG_KEXEC_VERIFY_SIG option is limited to verifying a
    kernel image's signature, when loaded via the kexec_file_load syscall.
    There is no method for verifying a kernel image's signature loaded
    via the kexec_load syscall.
    
    This test verifies loading the kernel image via the kexec_load syscall
    fails when the kernel CONFIG_KEXEC_VERIFY_SIG option is enabled on
    systems with secureboot enabled[1].
    
    [1] Detecting secureboot enabled is architecture specific.
    Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    a802ed0d
test_kexec_load.sh 1.26 KB